Re: Bits from dpkg developers - dpkg 1.16.1

To: Riku Voipio <riku.voipio@iki.fi>
Cc: debian-devel@lists.debian.org
Subject: Re: Bits from dpkg developers - dpkg 1.16.1
From: Mike Hommey <mh@glandium.org>
Date: Wed, 28 Sep 2011 23:38:06 +0200
Message-id: <[🔎] 20110928213806.GA30634@glandium.org>
Mail-followup-to: Riku Voipio <riku.voipio@iki.fi>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20110928195215.GA24941@afflict.kos.to>
References: <20110923061754.GA11781@rivendell.home.ouaza.com> <[🔎] 20110928010154.GH6573@outflux.net> <[🔎] 20110928195215.GA24941@afflict.kos.to>

On Wed, Sep 28, 2011 at 10:52:15PM +0300, Riku Voipio wrote:
> On Tue, Sep 27, 2011 at 06:01:54PM -0700, Kees Cook wrote:
> > Just to be explicit, PIE tends to have small (<1%) performance hits on
> > register-starved architectures (i386) in most cases, for for certain work
> > loads (e.g. python) the hit is large (~15%). On architectures with plenty
> > of registers (amd64) there's virtually no measurable performance hit that
> > I've seen.
>  
> > If your package handles 3rd party data of any kind (renders, network
> > daemons, file parsers, etc), I strongly recommend enabling PIE.
> 
> However, on 32bit architectures address space randomizing (which is why
> people try sell PIE as a security feature) does not add much security.
> 
>   http://benpfaff.org/papers/asrandom.pdf

Also note that as long as you can read memory in the process and have
access to /proc/self/auxv, you can find the base address of all
libraries.

Mike

Reply to:

References:
- Re: Bits from dpkg developers - dpkg 1.16.1
  - From: Kees Cook <kees@debian.org>
- Re: Bits from dpkg developers - dpkg 1.16.1
  - From: Riku Voipio <riku.voipio@iki.fi>

Prev by Date: Bug#643712: general: GNOME or GTK tabs are very slow
Next by Date: Re: Bits from dpkg developers - dpkg 1.16.1
Previous by thread: Re: Bits from dpkg developers - dpkg 1.16.1
Next by thread: Re: Bits from dpkg developers - dpkg 1.16.1
Index(es):
- Date
- Thread